Complete, Data-Centric Security

TokenEx is an Oklahoma-based data-security company that's easy to integrate and third-party agnostic. Our Cloud Security Platform maximizes security and reduces scope without restricting access to data.


No Data, No Theft

TokenEx is devoted to tokenization as a means of industry and regulatory compliance. Founded in 2010 by two former Qualified Security Assessors, TokenEx was created with the mission of providing organizations with the most secure, non-intrusive, and flexible data-security solution on the market.

PCI Certified Level 1 Service Provider

TokenEx is a PCI Certified Level 1 Service Provider, and the TokenEx Cloud Security Platform is designed to help you achieve PCI compliance.


SSAE 18 SOC 2 and 3

An assessment of TokenEx’s control environment is performed by independent service auditors on a regular basis. The SOC (Service Organization Controls) 2 and 3 reports examine the controls TokenEx maintains over its infrastructure, software, networks, people, procedures, and processes. Based on the Trust Services Criteria, the reports confirm:


  • Security. The system is protected against unauthorized access (both physical and logical).
  • Availability. The system is available for operation and use as committed or agreed.
  • Confidentiality. Information designated as confidential is protected as committed or agreed.

General Data Protection Regulation

TokenEx is compliant with the General Data Protection Regulation (GDPR), legislation enacted by the EU (European Union) to help fortify data protection for all individuals within the EU.  The goal of the regulation is to protect the personal data of all EU citizens by regulating how their data is shared, stored, and managed. It also addresses the export of personal data outside of the EU. Moreover, it is designed to standardize data privacy laws across the EU with the main goal to “protect and empower all EU citizens' data privacy and to reshape the way organizations across the region approach data privacy.”

The TokenEx platform is used by clients worldwide, including clients in the vast majority of EU nations, to secure and protect both PCI and personal data sets. TokenEx’s tokenization process is a well-recognized and accepted form of pseudonymization, making compliance with the privacy requirements of GDPR more certain, less costly, and much simpler.

HiTrust Compliant

The HITRUST Common Security Framework (CSF) provides organizations with a comprehensive approach to compliance and risk management.  The HITRUST CSF combines key regulations and standards into a single overarching framework, including those applicable to PCI, PHI, and PII. 

TokenEx’s control environment is aligned with the HITRUST CSF.

Privacy Shield (EU-U.S. and Swiss-U.S.)

TokenEx complies with both the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information to and from the European Union, the United States, the member countries, and Switzerland, as applicable to each framework.

TokenEx has certified to the Department of Commerce that it adheres to both the Privacy Shield Principles and the Swiss-U.S. Privacy Shield.

Cloud Security Alliance Security, Trust & Assurance Registry

The Cloud Security Alliance’s Security Trust Assurance and Risk (STAR) Program encompasses key principles of transparency, rigorous auditing, and harmonization of standards. Companies that use STAR follow best practices and validate the security posture of their cloud offerings. 

The STAR registry documents the security and privacy controls provided by popular cloud-computing offerings. This publicly accessible registry allows cloud customers to assess their security providers in order to make the best procurement decisions. TokenEx completes an annual Cloud Controls Matrix self-assessment, and we subscribe to the Cloud Security Alliance Code of Conduct for GDPR Compliance.


Security Controls Due Diligence

TokenEx regularly performs due diligence on the security controls we have in place. Due diligence of these controls includes but is not limited to:

• Network Penetration Testing
• Dynamic and Static Application Security Testing
• Wireless Penetration Testing and Assessment
• Network Vulnerability Scanning
• Device Configuration Reviews
• Access Control Reviews
• Log Reviews

A Proven, Recognized Solution

TokenEx and its employees work year-round to earn and maintain industry certifications and accolades. Here are just a few of our more prominent distinctions:
  • PCI-Certified Level I Service Provider.
  • PCI Award of Excellence.
  • Metro 50 Winner.
  • Better Business Bureau Accredited Business.
  • Inc. 5000.

Careers at TokenEx

Are you looking for a challenging career in a growing industry? TokenEx is always looking for top-tier talent to join our expanding team.

See Careers

Benefits of working at TokenEx

  • 401k plan with company match
  • Medical Insurance
  • Dental Insurance
  • Company Paid Life Insurance
  • FSA Plans (Flexible Spending Accounts)
  • Short-Term Disability